VulnerableCode Package Details - pkg:composer/codeigniter/framework@4.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-9313-7h29-aqcb Aliases: CVE-2022-23556 GHSA-ghw3-5qvm-3mqc	CodeIgniter4 allows spoofing of IP address when using proxy ### Impact This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. ### Patches Upgrade to v4.2.11 or later, and configure `Config\App::$proxyIPs`. ### Workarounds Do not use `$request->getIPAddress()`. ### References - https://codeigniter4.github.io/userguide/incoming/request.html#CodeIgniter\HTTP\Request::getIPAddress ### For more information If you have any questions or comments about this advisory: * Open an issue in [codeigniter4/CodeIgniter4](https://github.com/codeigniter4/CodeIgniter4/issues) * Email us at [SECURITY.md](https://github.com/codeigniter4/CodeIgniter4/blob/develop/SECURITY.md)	4.2.11 Affected by 0 other vulnerabilities.
VCID-vbkq-554e-gfd8 Aliases: CVE-2022-46170 GHSA-6cq5-8cj7-g558	CodeIgniter4 Potential Session Handlers Vulnerability ### Impact When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). ### Patches Upgrade to version 4.2.11 or later. ### Workarounds - Use only one session cookie. ### References - https://codeigniter4.github.io/userguide/libraries/sessions.html#session-drivers ### For more information If you have any questions or comments about this advisory: * Open an issue in [codeigniter4/CodeIgniter4](https://github.com/codeigniter4/CodeIgniter4/issues) * Email us at [SECURITY.md](https://github.com/codeigniter4/CodeIgniter4/blob/develop/SECURITY.md)	4.2.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9313-7h29-aqcb
Aliases:
CVE-2022-23556
GHSA-ghw3-5qvm-3mqc

CodeIgniter4 allows spoofing of IP address when using proxy ### Impact This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. ### Patches Upgrade to v4.2.11 or later, and configure `Config\App::$proxyIPs`. ### Workarounds Do not use `$request->getIPAddress()`. ### References - https://codeigniter4.github.io/userguide/incoming/request.html#CodeIgniter\HTTP\Request::getIPAddress ### For more information If you have any questions or comments about this advisory: * Open an issue in [codeigniter4/CodeIgniter4](https://github.com/codeigniter4/CodeIgniter4/issues) * Email us at [SECURITY.md](https://github.com/codeigniter4/CodeIgniter4/blob/develop/SECURITY.md)

4.2.11
Affected by 0 other vulnerabilities.

VCID-vbkq-554e-gfd8
Aliases:
CVE-2022-46170
GHSA-6cq5-8cj7-g558

CodeIgniter4 Potential Session Handlers Vulnerability ### Impact When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). ### Patches Upgrade to version 4.2.11 or later. ### Workarounds - Use only one session cookie. ### References - https://codeigniter4.github.io/userguide/libraries/sessions.html#session-drivers ### For more information If you have any questions or comments about this advisory: * Open an issue in [codeigniter4/CodeIgniter4](https://github.com/codeigniter4/CodeIgniter4/issues) * Email us at [SECURITY.md](https://github.com/codeigniter4/CodeIgniter4/blob/develop/SECURITY.md)

4.2.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T17:13:51.818680+00:00	GitLab Importer	Affected by	VCID-9313-7h29-aqcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-23556.yml	38.6.0
2026-06-05T17:13:51.012141+00:00	GitLab Importer	Affected by	VCID-vbkq-554e-gfd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-46170.yml	38.6.0

2026-06-05T17:13:51.818680+00:00

GitLab Importer

Affected by

VCID-9313-7h29-aqcb

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-23556.yml

38.6.0

2026-06-05T17:13:51.012141+00:00

GitLab Importer

Affected by

VCID-vbkq-554e-gfd8

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/CVE-2022-46170.yml

38.6.0

purl	pkg:composer/codeigniter/framework@4.0.0
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0